昨天为自己的网站实现了QQ登陆的功能,虽然,没有进行绑定,但是在技术层面上来说,已经了解了一点腾讯开放平台的协议.
具体什么是OAUTH,请您GG一下吧...
关于腾讯的开放平台,最主要的就是参数一定不能多,能有的要有,不能有的一定不能有.不然提交过去,就会提示什么什么错了.
最关键的就是签名的方式,下面就是我的签名的代码
1 /// <summary>
2 /// 每一步不同的生成签名的方式
3 /// </summary>
4 /// <returns></returns>
5 protected virtual String BuildSignature(String SignatureHost)
6 {
7 String PostMethodString = "GET&";
8 StringBuilder ParamString = new StringBuilder();
9 this.CurrentStepParameters
10 .OrderBy(c => c.Key.ToString())
11 .ToList()
12 .ForEach(c =>
13 {
14 if (c.Key != OAuthParameterName.oauth_signature &&
15 c.Key != OAuthParameterName.timestamp)
16 {
17 if (ParamString.Length > 0)
18 {
19 ParamString.Append("&");
20 }
21 var p = c.Value;
22 ParamString.Append(p.OAuthOringinaName);
23 ParamString.Append("=");
24 ParamString.Append(p.Value);
25 }
26 }
27 );
28 StringBuilder SignData = new StringBuilder();
29 SignData.Append(PostMethodString);
30 SignData.Append(OAuthHelper.UrlEncode(SignatureHost));
31 SignData.Append("&");
32 SignData.Append(OAuthHelper.UrlEncode(ParamString.ToString()));
33
34 //密钥
35 String SecretKey = String.Format("{0}&{1}", this.AppKey, this.AuthorizedTokenKey);
36 String SignContent = SignData.ToString();
37 String Signature = Convert.ToBase64String(OAuthHelper.HMACSHA1Code(SignContent, SecretKey));
38 return Signature;
39 }
2 /// 每一步不同的生成签名的方式
3 /// </summary>
4 /// <returns></returns>
5 protected virtual String BuildSignature(String SignatureHost)
6 {
7 String PostMethodString = "GET&";
8 StringBuilder ParamString = new StringBuilder();
9 this.CurrentStepParameters
10 .OrderBy(c => c.Key.ToString())
11 .ToList()
12 .ForEach(c =>
13 {
14 if (c.Key != OAuthParameterName.oauth_signature &&
15 c.Key != OAuthParameterName.timestamp)
16 {
17 if (ParamString.Length > 0)
18 {
19 ParamString.Append("&");
20 }
21 var p = c.Value;
22 ParamString.Append(p.OAuthOringinaName);
23 ParamString.Append("=");
24 ParamString.Append(p.Value);
25 }
26 }
27 );
28 StringBuilder SignData = new StringBuilder();
29 SignData.Append(PostMethodString);
30 SignData.Append(OAuthHelper.UrlEncode(SignatureHost));
31 SignData.Append("&");
32 SignData.Append(OAuthHelper.UrlEncode(ParamString.ToString()));
33
34 //密钥
35 String SecretKey = String.Format("{0}&{1}", this.AppKey, this.AuthorizedTokenKey);
36 String SignContent = SignData.ToString();
37 String Signature = Convert.ToBase64String(OAuthHelper.HMACSHA1Code(SignContent, SecretKey));
38 return Signature;
39 }
这里的CurrentStepParameters是在构造方式里进行赋值,或者其它地方,签名里最关键的,就是oauth_signature和timestamp这两个参数,要记得去掉,在这里,我选择了过滤.
因为有的时候,CurrentStepParameters这个字典从querystring来生成的话会简单点还有能复用.
在所有参数中,有几个是经常会用到的.
所以,在此我建立了一个通用参数生成方法
1 protected virtual void AddCommonParameters()
2 {
3 if (this.CurrentStepParameters != null)
4 {
5 //增加通用参数
6 this.CurrentStepParameters.AddParam(OAuthParameterName.oauth_consumer_key, this.AppID);
7 this.CurrentStepParameters.AddParam(OAuthParameterName.oauth_nonce, DateTime.UtcNow.Ticks.ToString());
8 this.CurrentStepParameters.AddParam(OAuthParameterName.oauth_timestamp, OAuthHelper.GenerateTimestamp());
9 this.CurrentStepParameters.AddParam(OAuthParameterName.oauth_version, "1.0");
10 this.CurrentStepParameters.AddParam(OAuthParameterName.oauth_signature_method, "HMAC-SHA1");
11 this.CurrentStepParameters.AddParam(OAuthParameterName.oauth_client_ip, "1");
12
13 if (this.CurrentStepParameters.ContainsKey(OAuthParameterName.oauth_token_secret))
14 {
15 this.AuthorizedTokenKey = CurrentStepParameters[OAuthParameterName.oauth_token_secret].Value;
16 }
17
18 if (this.CurrentStepParameters.ContainsKey(OAuthParameterName.oauth_signature))
19 {
20 CurrentStepParameters.Remove(OAuthParameterName.oauth_signature);
21 }
22
23 if (this.CurrentStepParameters.ContainsKey(OAuthParameterName.timestamp))
24 {
25 CurrentStepParameters.Remove(OAuthParameterName.timestamp);
26 }
27 }
28 }
2 {
3 if (this.CurrentStepParameters != null)
4 {
5 //增加通用参数
6 this.CurrentStepParameters.AddParam(OAuthParameterName.oauth_consumer_key, this.AppID);
7 this.CurrentStepParameters.AddParam(OAuthParameterName.oauth_nonce, DateTime.UtcNow.Ticks.ToString());
8 this.CurrentStepParameters.AddParam(OAuthParameterName.oauth_timestamp, OAuthHelper.GenerateTimestamp());
9 this.CurrentStepParameters.AddParam(OAuthParameterName.oauth_version, "1.0");
10 this.CurrentStepParameters.AddParam(OAuthParameterName.oauth_signature_method, "HMAC-SHA1");
11 this.CurrentStepParameters.AddParam(OAuthParameterName.oauth_client_ip, "1");
12
13 if (this.CurrentStepParameters.ContainsKey(OAuthParameterName.oauth_token_secret))
14 {
15 this.AuthorizedTokenKey = CurrentStepParameters[OAuthParameterName.oauth_token_secret].Value;
16 }
17
18 if (this.CurrentStepParameters.ContainsKey(OAuthParameterName.oauth_signature))
19 {
20 CurrentStepParameters.Remove(OAuthParameterName.oauth_signature);
21 }
22
23 if (this.CurrentStepParameters.ContainsKey(OAuthParameterName.timestamp))
24 {
25 CurrentStepParameters.Remove(OAuthParameterName.timestamp);
26 }
27 }
28 }
下面是一个测试地址 :http://www.changshu.so/Tencent , 之后等完成绑定后,地址会删除
组件下载地址 : https://files.cnblogs.com/sam251/CSCMS.Secrity.OAuth.rar
后续还有绑定的需要自己去实现了.如果能有通用的方式,我会定时更新,另外,其它OAUTH,比如SINA的,正在研究.
本程序里的OAuthHelper.GenerateTimestamp());
原文地址:http://www.cnblogs.com/sam251/archive/2011/09/15/oauth_tencent.html